Encode / Decode Tools

Format and validate JSON, encode and decode Base64 and URLs, generate SHA hashes and UUIDs — the everyday developer toolkit, running entirely in your browser.

Ad space (header)

Everything runs locally using your browser's built-in crypto. Your data never leaves this page. (MD5 is deliberately absent — it's been broken for years; the guides below explain what to use instead.)

Ad space (mid)

What’s in the toolkit

Four modes cover the conversions developers reach for daily. JSON: format with 2-space indentation, minify for payloads, and validate with a real error message instead of a silent failure. Base64: encode and decode with full UTF-8 support — accented characters and emoji survive the round trip, which naive implementations get wrong. URL: percent-encode and decode text for query strings. Hash: CRC32, SHA-1, SHA-256, and SHA-512 of any text, plus a one-click UUID v4 generator.

The "use output as input" button chains operations — decode a Base64 blob, discover it’s JSON, format it, all without re-pasting.

Why running locally matters here

Developers paste sensitive things into tools like this: API payloads, tokens, config fragments. Many online converters send your input to a server, and you have no idea what happens to it there. Everything on this page — including the hashing, via your browser’s built-in Web Crypto — executes on your machine. Airplane mode works fine.

A word about MD5

You may notice MD5 is missing. That’s deliberate. MD5 has been cryptographically broken since 2004 — collisions can be manufactured on a laptop — and offering it quietly encourages bad habits. For checksums use CRC32 or SHA-256; for anything security-adjacent use SHA-256 or better. Our hashing guide below covers what each is actually for.

Frequently asked questions

Is Base64 encryption?

No — this is the most important fact about Base64. It is an encoding, trivially reversible by anyone. It makes binary data safe to transmit as text; it provides zero secrecy. Never treat Base64 as protection for secrets.

Why does my JSON fail validation when it looks fine?

The usual culprits: single quotes instead of double, a trailing comma after the last item, unquoted keys, or comments (standard JSON allows none of these). The validator reports the position where parsing failed, which usually points straight at the culprit.

Is anything I paste sent to a server?

No. Encoding, decoding, hashing, and UUID generation all run in your browser. The page works offline once loaded.

Written and maintained by the Encode / Decode Tools team. Last reviewed July 2026.

Ad space (footer)